All Government Digital Service (GDS) websites will be required to adopt HTTPS encryption from 1 October, according to new security guidelines, if they haven't done so already.
The sites will also be expected to boost email security, and must publish a Domain-based Message Authentication, Reporting & Conformance (DMARC) policy for email systems.
"The service.gov.uk standards require all government services to run on secure connections, known as ‘HTTPS’. This type of connection makes sure user data is encrypted and stays secure while users interact with your service," explained Dafydd Vaughan, a technical architect at the GDS, in a blog post this week revealing the decision.
"As well as enforcing the use of HTTPS, we now mandate that the service uses HTTP Strict Transport Security [HSTS]. This setting tells modern browsers that your service will only use secure connections and information should be sent encrypted.
"In September, we plan to submit the service.gov.uk domain to the browser manufacturers' HSTS preload list. This means that all modern browsers will only ever connect to government services via HTTPS.
"If your service is only available over unsecured connections, it will stop working in modern browsers once this happens. This may also affect testing environments hosted on service.gov.uk."
The GDS has also published guidance on how to implement secure email practices, including DMARC.
"As a temporary measure, if your team cannot set the DMARC policy to p=reject in this time period, you should publish a record using p=none to override the default policy," advised Vaughan.
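How a receiving mail server arrives at the policy that a `p=none` record overrides, as an added example (not GDS code). It assumes the "default policy" is the one inherited from a parent domain's DMARC record, follows the lookup order of RFC 7489, and uses constructed domain names and records; `ZONE`, `lookup` and `effective_policy` are hypothetical names.

```python
# Added example: DMARC policy discovery following the lookup order in RFC 7489.
# Every domain name and TXT record here is constructed for illustration.
ZONE = {
    "_dmarc.service.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@service.example"],
    "_dmarc.legacy.service.example": ["v=DMARC1; p=none; rua=mailto:dmarc@service.example"],
    "_dmarc.other.example": ["v=spf1 -all", "v=DMARC1; p=reject; sp=quarantine"],
}
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None  # the version tag must come first
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if not sep:
            return None
        tags[key.strip().lower()] = value.strip()
    # Simplification (assumption): a record with a missing or unknown p= is ignored.
    if tags.get("p", "").lower() not in POLICIES:
        return None
    return tags

def lookup(zone, domain):
    """Return the single valid DMARC record at _dmarc.<domain>, else None."""
    valid = [t for t in map(parse_dmarc, zone.get("_dmarc." + domain, [])) if t]
    return valid[0] if len(valid) == 1 else None

def effective_policy(from_domain, org_domain, zone=ZONE):
    """Return (policy, domain that supplied it) for mail claiming from_domain."""
    own = lookup(zone, from_domain)
    if own:
        return own["p"].lower(), from_domain
    if from_domain != org_domain:
        parent = lookup(zone, org_domain)
        if parent:
            # sp= applies to subdomains when present; otherwise p= is inherited.
            sp = parent.get("sp", "").lower()
            return (sp if sp in POLICIES else parent["p"].lower()), org_domain
    return None, None

if __name__ == "__main__":
    for name in ("new.service.example", "legacy.service.example"):
        print(name, effective_policy(name, "service.example"))
```

A subdomain with no record of its own inherits the parent's `reject`, while the one publishing `p=none` is evaluated under its own record, so its mail is reported on but not rejected.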
The move is part of a global shift to HTTPS, kicked off after the Edward Snowden disclosures showed how security services were taking advantage of insecure connections to spy on people and organisations.
Yahoo was one of the first to respond, switching Yahoo Mail entirely to HTTPS in October 2013. Apple, meanwhile, will force developers to secure iOS apps with HTTPS from 2017, cracking the security whip on lackadaisical devs from 1 January next year.
Google has done its bit by promising in 2014 to rank websites secured with HTTPS more highly.